堆栈内存溢出
  简体   繁体   English

Spring Boot 2 Interceptor在每个请求上都解析“ / login”

[英]Spring Boot 2 Interceptor resolves `/login' on every request

 原文  2019-07-08 08:41:20       java/ spring/ spring-boot/ spring-security

问题描述

Inside Spring boot security I'm trying to redirect server side the login page within Spring boot automatically to an overview page if I detect that the user is already logged in. The login screen should only show when the user is logged out. 在Spring Boot安全性内部,如果我检测到用户已登录,则尝试将服务器端在Spring Boot中的登录页面自动重定向到概述页面。仅在用户注销时才显示登录屏幕。 

@Configuration
public class MvcConfig implements WebMvcConfigurer
{

   @Override
   public void addInterceptors( InterceptorRegistry registry )
   {
      registry.addInterceptor( new LoginInterceptor() ).addPathPatterns( "/login" );
   }

Inside LoginInterceptor I have: 在LoginInterceptor内部,我有: 

   @Override
   public boolean preHandle( HttpServletRequest request, HttpServletResponse response, Object handler ) throws Exception
   {

      Authentication auth = SecurityContextHolder.getContext().getAuthentication();
      String url = request.getRequestURL().toString();
      System.out.println(url);
      if( auth.isAuthenticated() )
      {
         response.sendRedirect( "/my/overview" );
         return false;
      }

      return true;
   }

However, even if I am logged in, the debugger seems to think that I'm still on the /login route. 但是,即使我已登录,调试器似乎也认为我仍在/ login路由上。 Does spring boot route every request through /login for checking authentication? spring boot是否通过/login路由每个请求以检查身份验证? How do I achieve my aim of not resolving the login page unless the user is logged out? 我如何实现除非用户注销否则不解决登录页面的目标?

1 个解决方案

解决方案1
 0 已采纳  2019-07-08 09:31:34

Actually what was happening here was 'anonymousUser' was being returned for isAuthenticated, and thus the authenticated method wasn't working. 实际上,这里发生的是为isAuthenticated返回了“ anonymousUser”,因此authenticated方法无法正常工作。 The redirect for unauthorised accounts kicked in making me think that everything was going through login route when it was actually just the security doing its thing. 对于未经授权的帐户的重定向使我觉得一切都在通过登录路径进行,而实际上这只是安全性在起作用。 checking for principle null was the way to go instead. 检查原理是否为null是替代方法。 

 if( auth.isAuthenticated() && principal != null )
 {
      response.sendRedirect( OVERVIEW_PAGE );
      return false;
 }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Boot对每个请求进行身份验证 - Spring boot authenticate for every request Spring Boot @JmsListener 拦截器 - Spring Boot @JmsListener Interceptor Spring Boot休眠拦截器 - Spring boot hibernate interceptor Spring Boot 中的自定义拦截器【添加 HTTP 请求头】 - Custom interceptor in Spring Boot [ADD HTTP REQUEST HEADER] Spring 引导 - 拦截器:仅在 GET 请求中排除路径 - Spring Boot - Interceptor: Exclude path only in GET request Spring Boot & Slf4j 2 Http 请求元数据记录拦截器? - Spring Boot & Slf4j 2 Http request metadata logging interceptor? 如何配置 spring 拦截器以在每个请求中调用 - How to configure spring interceptor to get called with every request 每次请求之前的 Spring Boot(事件处理程序) - Spring Boot (Event Handler) before every request spring-boot 拦截器不拦截 - spring-boot interceptor is not intercepting 如何在 Spring boot 中配置拦截器? - How to configure interceptor in Spring boot?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM